CVE-2017-3136

Description

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 48.52%• Percentile: 98%

Techniques & Countermeasures

• CWE-617•Reachable Assertion

  The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

• debian•debian_linux

  8.0

• isc•bind

  ≥ 9.8.0, ≤ 9.8.8 | ≥ 9.9.0, ≤ 9.9.9 | ≥ 9.10.0, ≤ 9.10.4 | 9.8.0:p1 | 9.9.0:p1 | 9.9.0:p2 | 9.9.0:p3 | 9.9.0:p4 | 9.9.0:p5 | 9.9.0:p6 | 9.9.3 | 9.9.3:s1 | 9.9.10:beta1 | 9.9.10:rc1 | 9.10.4:p1 | 9.10.4:p2 | 9.10.4:p3 | 9.10.4:p4 | 9.10.4:p5 | 9.10.4:p6 | 9.10.5:b1 | 9.10.5:rc1 | 9.11.0 | 9.11.0:p1 | 9.11.0:p2 | 9.11.0:p3 | 9.11.1:beta1 | 9.11.1:rc1

• isc•bind 9

  9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8

• netapp•data_ontap_edge

  na

• netapp•element_software

  na

• netapp•oncommand_balance

  na

• redhat•enterprise_linux_desktop

  6.0 | 7.0

• redhat•enterprise_linux_server

  6.0 | 7.0

• redhat•enterprise_linux_server_aus

  7.3 | 7.4 | 7.6

• redhat•enterprise_linux_server_eus

  7.3 | 7.4 | 7.5 | 7.6

• redhat•enterprise_linux_server_tus

  7.3 | 7.6

• redhat•enterprise_linux_workstation

  6.0 | 7.0

References (11)

• https://access.redhat.com/errata/RHSA-2017:1095
• https://security.gentoo.org/glsa/201708-01
• https://security.netapp.com/advisory/ntap-20180802-0002/
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
• https://www.debian.org/security/2017/dsa-3854
• http://www.securitytracker.com/id/1038259
• http://www.securityfocus.com/bid/97653
• https://access.redhat.com/errata/RHSA-2017:1105
• https://kb.isc.org/docs/aa-01465
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html